Historical Content Alert

This is a historical content for Windows 2000 product and is presented for informative purposes only. All content on this page is copyrighted and owned by Microsoft.

To renew a subordinate certification authority

  1. Log on to the system as an Administrator.
  2. Open Certification Authority.
  3. In the console tree, click the name of the certification authority (CA).

    • Certification Authority (computer)
    • CA name
  4. On the Action menu, point to All Tasks, and click Renew CA Certificate.
  5. Do one of the following:
    • Click Yes if you want to generate a new public and private key pair for the CA's certificate.
    • Click No if you want to reuse the current public and private key pair for the CA's certificate.
  6. Get the CA certificate from the parent CA. For more information, see Notes.

Notes

  • To open Certification Authority, click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.
  • To obtain the certificate for a subordinate CA, you must submit a certificate request to a parent CA. The procedure for doing so differs depending on whether the parent CA is available online.
    • If a parent CA is available online:
      1. Click Send the request directly to a CA already on the network.
      2. In Computer Name, type the name of the computer on which the parent CA is installed.
      3. In Parent CA, click the name of the parent CA.
    • If a parent CA is not available online:
      1. Click Save the request to a file.
      2. In Request file, type the path and file name of the file that will store the request.
      3. Obtain this subordinate CA's certificate from the parent CA.

        The procedure for doing this will be unique to the parent CA. At a minimum, the parent CA should provide a file containing the subordinate CA's newly issued certificate and, preferably, its full certification path. For the procedure to submit a certificate request using a file to a Windows 2000 CA, see Related Topics.

        If you get a subordinate CA certificate that does not include the full certification path, the new subordinate CA you are installing must be able to build a valid CA chain when it starts. Thus you must install the parent CA's certificate in the Intermediate Certification Authorities certificate store of the computer (if the parent CA is not a root CA), as well as the certificates of any other intermediate CA in the chain, and you must install the certificate of the root CA in the chain into the Trusted Root Certification Authorities store. These certificates should be installed in the certificate store before you install the CA certificate on the subordinate CA you have just set up.

      4. Open Certification Authority.
      5. In the console tree, click the name of the CA.

        • Certification Authority (computer)
        • CA name
      6. On the Action menu, point to All Tasks, and then click Install CA Certificate.
      7. Locate the certificate file received from the parent certification authority, click this file, and then click Open.

Share this article: